Threat actors are actively exploiting a zero-day vulnerability in CrushFTP versions prior to v10.8.5 and v11.3.4_23, allowing remote administrative access through the web interface. Maintaining updated systems and monitoring for indicators of compromise are critical for defense. #CVE2025-54309 #CrushFTP #ZeroDayExploit
Key points
- The zero-day vulnerability in CrushFTP allows attackers to gain administrative access via the web interface.
- Exploit activity was first detected on July 18th, with earlier attempts likely starting the day before.
- Prior fixes related to other vulnerabilities inadvertently blocked this new exploit, which was discovered through reverse engineering.
- Systems updated to version v10.8.5 or v11.3.4_23 are not affected by the current exploit.
- Using a DMZ and patching regularly are the recommended mitigation strategies, though security experts advise caution about relying on a DMZ.